Skip to main content

Canonical Multipass CVE-2026-49237

| EUVDEUVD-2026-32900 HIGH
Incorrect Default Permissions (CWE-276)
2026-05-28 security@ubuntu.com
7.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.8 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Patch available
May 28, 2026 - 15:01 EUVD
Analysis Generated
May 28, 2026 - 14:31 vuln.today
CVE Published
May 28, 2026 - 14:16 nvd
HIGH 7.8

DescriptionCVE.org

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, and sshfs_server) in /Library/Application Support/com.canonical.multipass/bin/ retain ownership by the installing user and remain writable. Because the root LaunchDaemon (com.canonical.multipassd.plist) configures a PATH environment variable that prioritizes this user-writable directory and invokes these auxiliary binaries by their bare names, a local attacker can replace an auxiliary binary (such as qemu-img) with a malicious wrapper. When the root daemon subsequently triggers the binary during routine execution (e.g., via multipass launch), the malicious code executes with root privileges, leading to local privilege escalation.

AnalysisAI

Local privilege escalation in Canonical Multipass for macOS before 1.16.3 allows a low-privileged local user to obtain root execution by replacing co-located auxiliary binaries that the multipassd LaunchDaemon invokes via a user-writable PATH directory. The flaw is an incomplete remediation of CVE-2025-5199: while 1.16.0 corrected ownership of the multipassd binary itself, five sibling binaries (multipass, qemu-img, qemu-system-aarch64, qemu-system-x86_64, sshfs_server) were left owned by the installing user and writable, enabling binary planting. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Technical ContextAI

Multipass is Canonical's lightweight VM manager for macOS that ships a privileged LaunchDaemon (com.canonical.multipassd.plist) which manages QEMU-backed Ubuntu instances. The root daemon's plist defines a PATH environment that prioritizes /Library/Application Support/com.canonical.multipass/bin/ and invokes helper utilities (qemu-img, qemu-system-*, sshfs_server, multipass) by bare name rather than absolute path, so resolution of those names depends on directory contents and ownership. The root cause is CWE-276 (Incorrect Default Permissions): the installer left auxiliary executables owned and writable by the unprivileged installing user, so any code substituted at those paths is later loaded by a root-owned process - a classic write-where-root-reads trust boundary violation that the 1.16.0 fix only partially addressed by changing ownership of the daemon binary alone.

RemediationAI

Vendor-released patch: upgrade Canonical Multipass on macOS to version 1.16.3 or later, which is referenced as the fixed release in the GitHub Security Advisory at https://github.com/canonical/multipass/security/advisories/GHSA-r2xg-x32f-23c5. Until the upgrade is deployed, administrators can apply compensating controls by recursively changing ownership of /Library/Application Support/com.canonical.multipass/bin/ and its contents to root:wheel with mode 0755 so the installing user can no longer overwrite the auxiliary binaries (side effect: subsequent Multipass auto-updates or reinstalls performed under the user account may fail or revert permissions), and by unloading the LaunchDaemon with launchctl unload /Library/LaunchDaemons/com.canonical.multipassd.plist on systems where Multipass is not actively required (side effect: VM management via Multipass is disabled until reloaded). On multi-user macOS hosts, restrict interactive login to trusted accounts to reduce the local-attacker prerequisite.

CVE-2012-0217 HIGH POC
7.2 Jun 12

The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, as used in Citrix XenServer 6.0.2 and earlier and

CVE-2026-33309 CRITICAL POC
9.9 Mar 19

An authenticated path traversal vulnerability in Langflow's file upload functionality allows attackers to write arbitrar

CVE-2019-7304 CRITICAL POC
9.8 Apr 23

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an attacker to run arbitra

CVE-2026-33186 CRITICAL POC
9.1 Mar 18

An authorization bypass vulnerability in gRPC-Go allows attackers to circumvent path-based access control by sending HTT

CVE-2026-50180 HIGH POC
8.7 Jul 02

Arbitrary file read in Langroid's SQLChatAgent (<= 0.63.0) lets an attacker who can influence the LLM-generated SQL exfi

CVE-2020-14966 HIGH POC
7.5 Jun 22

An issue was discovered in the jsrsasign package through 8.0.18 for Node.js. Rated high severity (CVSS 7.5), this vulner

CVE-2020-13822 HIGH POC
7.7 Jun 04

The Elliptic package 6.5.2 for Node.js allows ECDSA signature malleability via variations in encoding, leading '\0' byte

CVE-2026-29181 HIGH POC
7.5 Apr 07

Resource exhaustion in OpenTelemetry Go propagation library (v1.41.0 and earlier) enables remote attackers to trigger se

CVE-2019-7303 HIGH POC
7.5 Apr 23

A vulnerability in the seccomp filters of Canonical snapd before version 2.37.4 allows a strict mode snap to insert char

CVE-2014-4699 MEDIUM POC
6.9 Jul 09

The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved

CVE-2017-7725 MEDIUM POC
6.1 Apr 13

concrete5 8.1.0 places incorrect trust in the HTTP Host header during caching, if the administrator did not define a "ca

CVE-2026-48816 MEDIUM POC
6.5 Jul 01

Timestamp forgery in sigstore-js allows an attacker supplying a crafted bundle v0.2 to manipulate certificate validity w

Share

CVE-2026-49237 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy